Response to Amendment 

This Office Action is in response to a communication made on March 11, 2010. 
The Power of Attorney has been received on May 4, 2010. 
Claims 7-8, 10-11, 14, and 20 are currently amended. 
Claim 23 is newly added. 

Claims 7-8, 10-11, 14, 20, and 22-23 are pending in this application. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 7, 10, 20, and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ilnicki (6751677) in view of Vu (5623601). 

Regarding claim 7, Ilnicki teaches a method allowing a client application running 
on a client machine linked to a client network to establish communication with a server 
application hosted in a server machine linked to a server network in order to exchange 
messages with the server application, said messages passing between the client 
network and the server network through a network layer of a gateway machine (Figure 
3), the method comprising: 

A) receiving a request from the client application to establish communication at a 
first security level to a first port on the server machine (Col. 5, lines 21 - 25); 

B) creating a first port on the gateway machine (Col. 5, lines 4-13); 

C) creating at least one first created process on the gateway machine (Col. 8, 
lines 46-57); 

D) establishing a first connection from the client application to the first port on the 
gateway machine, the first connection connecting the client machine to the gateway 
machine for the exchange of messages at the first security level (Col. 5, lines 21 -25); 

E) creating a second port in the gateway machine (Col. 8, lines 46 - 57); 

F) establishing a second connection from the second port of the gateway 
machine to the first port of the server machine, the second connection to be used to 
exchange messages at a second security level which is reduced from the first security 
level (Col. 8, lines 46 - 57); and 

G) rerouting to the second port of the gateway machine messages sent from the 
client network addressed to the first port of the server machine (Col. 8, lines 46 - 57); 

H) routing, to the first port of the gateway machine, messages received by the 
gateway machine that are addressed to the client application on the client machine (Col. 
8, lines 46-57). 

Ilnicki does not explicitly indicate the first created process on the gateway 
machine handling security processing at the first security level for said messages sent 
and said messages received on the first port of the gateway machine, thereby removing 
from the server machine, security processing at the first security level for these 
messages. 

Vu teaches a system with a gateway station intercepting communications 
travelling into the private network (See Abstract) which includes the idea that the user is 
authenticated at the proxy server, but the user need not provide any security or 
authentication once the session has entered the private network (Col. 11, lines 18 - 44). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made that Vu's teaching can be incorporated into Ilnicki's system so that 
if the network is configured that the gateway gets placed on the edge of a private 
network, a secure connection needs only to be maintained as far as the public network 
and the security session information does not need to be continued into the more 
secure private network. 

Regarding claim 10, Ilnicki teaches a method according to claim 7, wherein said 
steps D, E, and F are executed automatically by the first created process of the gateway 
machine and wherein said first created process generates the second process that 
executes said steps G and H (Col. 5, lines 21 -25, wherein using different processes for 
different operations of the gateway is an obvious variation of any program run on a 
computer). 

Regarding claim 20, Ilnicki teaches a method according to claim 7, further 
comprising deleting, by ordering the network layer of the gateway machine, messages 
sent from the client network to a port other than the first located in the server machine 
regardless of a security level of said message sent to the port (Col. 5, lines 60 - 65, 
where if the port is unauthorized to be sent through the gateway, then the messages will 
not be allowed to pass through the gateway). 

Regarding claim 23, Ilnicki teaches a method as claimed in claim 7, wherein the 
rerouting of the messages addressed to the first port of the server application is done in 
a way that is transparent to the client application (Col. 8, lines 46 - 57). 

Claims 8, 11, 14, and 22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ilnicki in view of Vu, and in further view of Rees (6981265). 

Regarding claim 14, Ilnicki teaches a method for allowing a client application to 
establish, in a client network, a first connection at a first security level with a first port of 
a server application hosted in a server machine linked to a server network, in order to 
send messages addressed to the server machine, said messages passing from the 
client network to the server network through a network layer of a gateway machine, the 
method comprising: 

generating, in the gateway machine, a processing thread which establishes said 
first connection (Col. 5, lines 21 -25); 

activating, in the gateway machine, a secure application proxy that performs 
security processing at the first security level and that reroutes the messages addressed 
to the first port of the server application away from the first connection (Col. 5, lines 21 - 
25); and 

establishing at a second security level, a second connection between a port of 
the server application and the gateway machine, said port being configured to receive at 
least one message at a second security level from the gateway machine via said 
second connection (Col. 8, lines 46 - 57), and 

wherein said generating step is performed in response to detection of a request 
from the client application addressed to the first port of the server application to 
establish said first connection; and wherein said second connection is unknown to said 
client application (Col. 8, lines 46 - 57). 

Ilnicki does not explicitly indicate that the gateway server establishes a 
connection with a second port of the server application, rather than a first port or that 
the second security level is lower than the first. 

Rees teaches a system for relaying messages from an external network into an 
internal network through a gateway (Fig. 11) that includes a teaching that messages 
forwarded to port 1 of a port inside the network can be forwarded to a different port 
inside the network by the gateway (Col. 22, line 50 - Col. 23, line 20). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rees' teaching of allowing the gateway to redirect a 
communication from a first port to a second to allow communications external to the 
target server's network to access ports which only internal users can access. 

Vu teaches a system with a gateway station intercepting communications 
travelling into the private network (See Abstract) which includes the idea that the user is 
authenticated at the proxy server, but the user need not provide any security or 
authentication once the session has entered the private network (Col. 11, lines 18 - 44). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made that Vu's teaching can be incorporated into Ilnicki's system so that 
if the network is configured that the gateway gets placed on the edge of a private 
network, a secure connection needs only to be maintained as far as the public network 
and the security session information does not need to be continued into the more 
secure private network. 

Regarding claim 8, Ilnicki teaches a method according to claim 7, wherein said 
created process comprises: 

establishes, in a first phase, said first connection at the first security level in a first 
interface associated with the first port and with said request; 

establishes in a second phase said second connection at the second level of 
security in a second interface to the third port in the server machine; 

writes in a third phase at the second security level to second interface any 
message read in the first interface at the first security level, and 

writes in a fourth phase at the first security level in the first interface any 
message read in the second interface at the second security level (Col. 8, lines 46 - 
57). 

Ilnicki does not explicitly indicate that the gateway server establishes a 
connection with a second port of the server application, rather than a first port. 

Rees teaches a system for relaying messages from an external network into an 
internal network through a gateway (Fig. 11) that includes a teaching that messages 
forwarded to port 1 of a port inside the network can be forwarded to a different port 
inside the network by the gateway (Col. 22, line 50 - Col. 23, line 20). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rees' teaching of allowing the gateway to redirect a 
communication from a first port to a second to allow communications external to the 
target server's network to access ports which only internal users can access. 

Regarding claim 11, Ilnicki teaches a method according to claim 8, wherein said 
steps D, E, and F are executed automatically by the first created process of the gateway 
machine and wherein said first created process generates the second process that 
executes said steps G and H (Col. 5, lines 21 -25, wherein using different processes for 
different operations of the gateway is an obvious variation of any program run on a 
computer). 

Regarding claim 22, Ilnicki teaches a method as claimed in claim 14, wherein 
the rerouting of the messages addressed to the first port of the server application is 
done in a way that is transparent to the client application (Col. 8, lines 46 - 57). 

Response to Arguments 

Applicant's arguments with respect to claims 7 and 14 have been considered but 
are moot in view of the new ground(s) of rejection. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KEVIN BATES whose telephone number is (571) 272-3980. 
The examiner can normally be reached on M-F 8 am - 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/KEVIN BATES/ 

Primary Examiner, Art Unit 2456 



